Date: 2021-01-28

iOS 14 Features New 'BlastDoor' Messages Security System

iOS 14 added a new "BlastDoor" sandbox security system to iPhones and iPads to prevent attacks carried out with the Messages app. Apple didn't share information on the new security addition, but it was explained today by Samuel Groß, a security researcher with Google's Project Zero, and highlighted by ZDNet.

Groß describes BlastDoor as a tightly sandboxed service that's responsible for parsing all of the untrusted data in iMessages. A sandbox is a security service that executes code separately from the OS, and this one operates within the Messages app.

BlastDoor takes a look at all incoming messages and inspects their content in a secure environment, which prevents any malicious code inside of a message from interacting with iOS or accessing user data.

As can be seen, the majority of the processing of complex, untrusted data has been moved into the new BlastDoor service. Furthermore, this design with its 7+ involved services allows fine-grained sandboxing rules to be applied, for example, only the IMTransferAgent and apsd processes are required to perform network operations. As such, all services in this pipeline are now properly sandboxed (with the BlastDoor service arguably being sandboxed the strongest).

The feature has been designed to thwart specific attack types, such as those where hackers used shared cache or brute force attacks. As ZDNet points out, security researchers have been finding iMessage remote code execution bugs over the past few years that could allow an iPhone to be infiltrated with just a text, which BlastDoor should address.

Groß found the new iOS 14 feature after investigating a Messages hacking campaign that targeted Al Jazeera journalists. The attack wasn't working in iOS 14, and investigating why led to his discovery of BlastDoor.

According to Groß, Apple's BlastDoor changes are "close to the best that could've been done given the need for backwards compatibility," and will make the iMessage platform significantly more secure.

This blog post discussed three improvements in iOS 14 affecting iMessage security: the BlastDoor service, resliding of the shared cache, and exponential throttling. Overall, these changes are probably very close to the best that could've been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole.

It's great to see Apple putting aside the resources for these kinds of large refactorings to improve end users' security. Furthermore, these changes also highlight the value of offensive security work: not just single bugs were fixed, but instead structural improvements were made based on insights gained from exploit development work.

Those interested in the full rundown on how BlastDoor works can visit the Project Zero blog post on the subject.

Brandon42
23 hours ago at 05:20 pm


How am I really supposed to trust that my messages aren't being passed through a government server??

I checked with the FBI van that always parks outside and they say you can trust the government in this situation.
jaworskimatt
23 hours ago at 05:39 pm


So yeah, your messages are already on a govt server, before they hit your iPhone or any phone.

Not with end to end encryption, they aren't - which is why everyone should care about that. And why govts are slowly gearing up to outlaw "unbreakable" encryption.
Osamede
23 hours ago at 05:25 pm


How am I really supposed to trust that my messages aren't being passed through a government server??

Snowden is stuck in exile and still no one seems to grasp what he revealed that got him in trouble: the government (or at least the government where he was from) collects ALL your data, everybody’s data, period.

So yeah, your messages are already on a govt server, before they hit your iPhone or any phone.
zakarhino
22 hours ago at 06:27 pm


How am I really supposed to trust that my messages aren't being passed through a government server??

Shhh.... He's listening....

cmaier
21 hours ago at 06:46 pm


Hopefully not. No point in giving bad actors any kind of advantage in defeating iOS security.

Security through obscurity is not a good strategy
hot-gril
22 hours ago at 06:24 pm


Not with end to end encryption, they aren't - which is why everyone should care about that. And why govts are slowly gearing up to outlaw "unbreakable" encryption.

We have low visibility into Apple's code, and even if it were open src, we'd not know whether their servers are always giving us the correct identities for others we message. Also, if your messages are backed up on iCloud, that's not e2ee'd, according to Apple.

Not to sound paranoid. I use it anyway. It's just not airtight.
